Guest Posted March 9, 2003

The server will need PHP with mcrypt but it's a start. Payment info form:

    $key = "pleasechangethesecretkey";
    // Encryption...
    $td = mcrypt_module_open(MCRYPT_TRIPLEDES, "", MCRYPT_MODE_ECB, "");
    srand((float)microtime() * 1000000);
    // Note: ECB mode ignores the IV, so it has no effect on the ciphertext here
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $key, $iv);
    $cc_number = mcrypt_generic($td, $cc_number);
    // store CCNum|iv (base64 so the binary data cannot contain the "|" separator)
    $cc_number = base64_encode($cc_number)."|".base64_encode($iv);

Now that will put the CC into the DB encrypted. But to get it out it would look like this:

    $key = "pleasechangethesecretkey";
    // Cast the order id to an integer so it cannot alter the query
    $order_id = (int) $_GET['order_id'];
    $cc_result = mysql_query("SELECT cc_number FROM orders WHERE order_id=$order_id");
    list($cc_number) = mysql_fetch_row($cc_result);
    if ($cc_number) {
        // Decryption ...
        list($cc_number, $iv) = explode("|", $cc_number);
        $cc_number = base64_decode($cc_number);
        $iv = base64_decode($iv);
        $td = mcrypt_module_open(MCRYPT_TRIPLEDES, "", MCRYPT_MODE_ECB, "");
        mcrypt_generic_init($td, $key, $iv);
        // mcrypt pads the last block with NUL bytes; strip them after decrypting
        $cc_number = rtrim(mdecrypt_generic($td, $cc_number), "\0");
        // replace CCNum w/ XXX's etc...
    }
    echo "$cc_number";

Let me know if this is a bad idea, or needs work.

Guest Posted March 9, 2003

Forgot to mention that I made this for a homebuilt store that I use elsewhere. This DOES work.

Harald Ponce de Leon Posted March 9, 2003

Please remember that it is only secure as much as the key is secure.

osCommerce

Harald Ponce de Leon Posted March 9, 2003

Please remember that it is only secure as much as the key is secure. ..not in the sense of a hard to guess password, but how to access the password as it is plain text and resides on the server.

osCommerce

Guest Posted March 9, 2003

Yeah ... I have been trying to think of a way to have it dynamically created. Like some sort of random # generator. Cause I don't care to know the key. If I can't decrypt the CC, I will just call and ask for it. Ideas?

Guest Posted March 9, 2003

Maybe have the key be the session ID? Cause if they login and proceed to order they will have a session ID in the DB (at least for my store). Would just have to figure out how to call it back up.

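
An added example, not part of the thread and not osCommerce code: the same store-and-retrieve flow with the key kept out of the source file and the database. It swaps mcrypt (removed from PHP in 7.2) for the sodium extension's authenticated secretbox. The environment variable name CC_ENC_KEY and all function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. CC_ENC_KEY is a hypothetical
// environment variable holding a base64-encoded 32-byte key.
function load_key(): string {
    $b64 = getenv('CC_ENC_KEY');
    $key = $b64 === false ? false : base64_decode($b64, true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('CC_ENC_KEY missing or not a 32-byte key');
    }
    return $key;
}

function encrypt_card(string $pan, string $key): string {
    // Fresh random nonce per record; secretbox also authenticates the data.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // The nonce has a fixed length, so no delimiter is needed; base64 keeps
    // the binary intact in a text column.
    return base64_encode($nonce . sodium_crypto_secretbox($pan, $nonce, $key));
}

function decrypt_card(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pan = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($pan === false) {
        throw new RuntimeException('wrong key or modified ciphertext');
    }
    return $pan;
}

function mask_card(string $pan): string {
    return str_repeat('X', max(0, strlen($pan) - 4)) . substr($pan, -4);
}

// Demo with constructed values: a throwaway key and a test card number.
putenv('CC_ENC_KEY=' . base64_encode(sodium_crypto_secretbox_keygen()));
$key = load_key();
$stored = encrypt_card('4111111111111111', $key);
echo mask_card(decrypt_card($stored, $key)), "\n";
try {
    decrypt_card(base64_encode(strrev(base64_decode($stored))), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The key still lives on the server, in the process environment, so anyone who can read that environment can decrypt the stored values; what changes is that a leaked source file or database dump alone no longer contains it.
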
Archived
This topic is now archived and is closed to further replies.